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© Two novel cryptographic modes are presented in which a perturbation of the encrypted character stream (b) 
always results in a permanent perturbation of the output stream (c) of the decryption device. Two options are 
presented: feedback of the encryption character stream (d and e, respectively) and simultaneously feeding back, 
in accordance with a function f, (option 1) the encrypted character stream (b) or (option 2) the original character 
stream (a) to the encryption side and, respectively, the output character stream (c) to the decryption side. 
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A BACKGROUND OF THE INVENTION 

The invention relates to a cryptographic system, comprising an encryption device on one side of a 
transmission system, for encrypting a first character stream into a second character stream, and a 
5 decryption device on another side of the transmission system, for decrypting the second character stream, 
presented via the transmission system, into a third character stream which under normal conditions is a 
replica of the first character stream, the first character stream being mixed in the encryption device with a 
fourth character stream generated in said encryption device, and the product of mixing resulting therefrom 
being presented as the second character stream to the transmission system, and the second character 
w stream supplied via the transmission system being mixed in the decryption device with a fifth character 
stream generated in said decryption device and the product of mixing resulting therefrom being picked up 
from the device as the third character stream, the fourth character stream in the encryption device being a 
function of an internal character string, referred to as key string, and, by feedback, said fourth character 
stream, and the fifth character stream in the decryption device being a function of a key string, identical to 
15 the one in the encryption device, and, by feedback, said fifth character stream. The invention also relates to 
a cryptographic device for encrypting or decrypting a first character stream supplied to said device into a 
second character stream, said first character stream being mixed with a third character stream which is 
generated in said device and is a function of an internal character string, referred to as key string, and, by 
feedback, said third character stream. 
20 The known cryptographic system indicated above comprises cryptographic devices which operate in 
the so-called "Output Feedback Mode" (OFB), of which Figure 1 gives a schematic illustration. A closely 
related cryptographic mode, the "Cipher Feedback Mode" (CFB) is depicted schematically in Figure 2. 
Under normal conditions, the character stream (c) emitted by the decryption devices (on the right hand side 
in the figures) is a perfect replica of the character stream (a) presented to the encryption devices (on the 
25 left hand side in the figures). If, however, in the encrypted character stream (b) - which as a result of the 
encryption is completely different from the presented character stream - an error occurs, be it the change of 
the value of a character in said character stream (such as a "bit flip", in which a "1" in a bit stream 
becomes a "0" or vice versa), be it a character being omitted or, just the opposite, an additional character 
occurring, the cryptographic system will respond as follows: 
30 - if, as represented in Figure 1, the cryptographic devices operate in accordance with the OFC mode, 
the change in the value of a character in the encrypted character stream will, to be sure, cause a 
perturbation of the character stream (c) emitted by the decryption device, said character stream 
consequently not being a correct replica of the original character stream, but that perturbation will 
correct itself. The omission or the "insertion" of a character, however, causes a permanent perturba- 
35 tion in the output stream of the decryption device; 

- if, as represented in Figure 2, the cryptographic devices operate in accordance with the CFB mode, 
the change in the value of a character in the encrypted character stream will, as in the case of the 
OFB mode, cause a perturbation, for some time (in the case of OFB for only one bit, in the case of 
CFB for more bits), of the character stream (c) emitted by the decryption device which, however, is 
40 restored again after some time. The omission or the "insertion" of a character likewise does not, 

however, in the CFB mode cause any permanent perturbation in the output stream of the decryption 
device either, in these cases, too, the output stream of the decryption device being restored after 
some time. The restoration of the output stream of the decryption device (in the case of OFB 
therefore only in the event of "bit flip" and in the case of CFB in all cases) is caused by (in 
45 accordance with ISO/IEC Standard 10116:1991) the fed-back character stream being combined in 

accordance with a one-way function with the said key string (indicated in the figures by KEY). 
While the self-correcting nature of the OFB mode and, in particular, the CFB mode can often be 
advantageous, it can also be a drawback. In particular, the fact is that if the perturbations of the decrypted 
character stream are the result of wilful action by a third party (an "intruder"), such an action can in many 
so cases not be detected on the receiving side (namely in those cases where the perturbation again corrects 
itself after a short while, [lacuna] 

B DESCRIPTION OF THE INVENTION 

55 The invention provides two novel cryptographic modes, in which a perturbation of the encrypted 
character stream, irrespective of what type of perturbation, always results in a permanent perturbation of the 
output stream of the decryption device. In so doing, the invention provides two options: feedback, in 
conformity with the OFB mode, of the "KEY output" (d and e in Figures 1 and 2) and feedback, in 
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accordance with a specific function, of the encrypted character stream (option 1) or of the original character 
stream on the encryption side, or of the output character stream on the decryption side, respectively. These 
options are shown schematically in Figures 3 and 4. 

The Tables 1 and 2 show the results of the encryption and decryption of a bit stream in accordance 
with the OFB mode and the CFB mode. At the same time, the result is also shown of a perturbation in the 
encrypted bit stream, viz. a "bit flip" a "bit deletion" and a "bit insertion" of the 20th bit (in the tables this is 
the bit underneath the letter M in the text line "ENCRYPTED BIT STREAM". The following is shown for the 
various modes: 

- the PLAIN TEXT BIT STREAM (<BITS.IN>), in Figures 1-4 represented by a (a bit stream having a 
regular pattern was chosen so as to make it fairly simple to look at the results); 

- the ENCRYPTED BIT STREAM ((BITS.ENO), in Figures 1-4 represented by b, and 

- the DECRYPTED BIT STREAM ((BITS. DEO), in Figures 1-4 represented by c; 
then the results of the perturbations: 

* BIT FLIP OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>) 
DECRYPTED BIT STREAM ((BITS. DEO); 

* BIT DELETION OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM ((BIT.ENO) 
DECRYPTED BIT STREAM ((BITS.DEO); 

* BIT INSERTION AFTER BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM ((BIT.ENO) 
DECRYPTED BIT STREAM ((BITS.DEO) 

From Tables 1 and 2 it can be gathered that in both cases, the OFB mode and the CFB mode, 
automatic restoration takes place in the event of a "bit flip", while in the CFB mode the output stream is 
also restored after a bit has been omitted or inserted. 

Table 3 depicts the results of encryption and decryption of the same bit stream in accordance with the 
first mode of the invention, which hereinafter is referred to as "Output/Cipher Feedback" (OCFB) mode. It 
can be seen that any type of perturbation results in an irreparable perturbation of the bit stream at the 
output of the decryption device. Table 4 depicts the results of the encryption and decryption of the same bit 
stream in accordance with the second mode of the invention which hereinafter is referred to as "Out- 
put/Plain Feedback" (OPFB) mode. It can be seen that in this mode, too, any type of perturbation results in 
an irreparable perturbation of the bit stream at the output of the decryption device. Tables 5 and 6 give the 
source code of programs in which the operation of an encryption device and decryption device in 
accordance with various modes can be demonstrated, as well as the effects of perturbations of the 
encrypted bit stream on the decrypted bit stream as shown in Tables 1-4. 

C DESCRIPTION OF THE FIGURES 

Figure 1 schematically shows an OFB encryption device and an OFB decryption device, linked to one 
40 another by a transmission. medium. 

Figure 2 schematically shows a CFB encryption device and a CFB decryption device, linked to one 
another by a transmission medium. 

Figure 3 schematically shows an OCFB encryption device and an OCFB decryption device, linked to 
one another by a transmission medium. 
45 Figure 4 schematically shows an OPFB encryption device and an OPFB decryption device, linked to 

one another by a transmission medium. 

Figure 5 shows, in detail, a specific embodiment of a CFB encryption module in accordance with the 
simulation program shown in Table 5; the operations schematically indicated in the figure are provided with 
references to the corresponding line numbers in said program. 
50 Figure 6 shows, in detail, a specific embodiment of a CFB decryption module in accordance with the 

simulation program shown in Table 6; the operations schematically indicated in the figure are provided with 
references to the corresponding line numbers in said program. 

Figure 7 shows, in detail, a specific embodiment of an OFB encryption module in accordance with the 
simulation program shown in Table 5; the operations schematically indicated in the figure are provided with 
55 references to the corresponding line numbers in said program. 

Figure 8 shows, in detail, a specific embodiment of an OFB decryption module in accordance with the 
simulation program shown in Table 6; the operations schematically indicated in the figure are provided with 
references to the corresponding line numbers in said program. 
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Figure 9 shows, in detail, a specific, embodiment of an OCFB encryption module in accordance with the 
simulation program shown in Table 5; the operations schematically indicated in the figure are provided with 
references to the corresponding line numbers in said program. 

Figure 10 shows, in detail, a specific embodiment of an OCFB decryption module in accordance with 
5 the simulation program shown in Table 6; the operations schematically indicated in the figure are provided 
with references to the corresponding line numbers in said program. 

Figure 11 shows, in detail, an improved specific embodiment of an OCFB encryption module in 
accordance with the simulation program shown in Table 5; the operations schematically indicated in the 
figure are provided with references to the corresponding line numbers in said program. 
10 Figure 12 shows, in detail, an improved specific embodiment of an OCFB decryption module in 

accordance with the simulation program shown in Table 6; the operations schematically indicated in the 
figure are provided with references to the corresponding line numbers in said program. 

Figure 13 shows, in detail, a specific embodiment of an OPFB encryption module in accordance with 
the simulation program shown in Table 5; the operations schematically indicated in the figure are provided 
15 with references to the corresponding line numbers in said program. 

Figure 14 shows, in detail, a specific embodiment of an OPFB decryption module in accordance with 
the simulation program shown in Table 6; the operations schematically indicated in the figure are provided 
with references to the corresponding line numbers in said program. 

In Figure 1, a bit stream a is added modulo 2 to an encryption bit stream d, resulting in encrypted bit 
20 stream b. This is decrypted again, on the right hand side in the figure, by modulo-2 addition with a 
decryption bit stream e, identical to encryption bit stream d. The resulting bit stream e is an exact replica of 
the original "plain text" bit stream a. Bit stream d and bit stream e are both generated by means of a secret 
key bit string KEY which is identical on both sides of the system. The bit strings d and e are fed back and, 
via a register REG, are combined in accordance with a one-way function, for example in blockstream mode, 
25 with the key string. 

In Figure 2, a bit stream a is likewise added modulo 2 to an encryption bit stream d, resulting in 
encrypted bit stream b. This is decrypted again, on the right hand side in the figure, by modulo-2 addition 
with a decryption bit stream e, identical to encryption bit stream d. The resulting bit stream e is an exact 
replica of the original "plain text" bit stream a. Bit stream d and bit stream e are both generated by means 
30 of a secret key bit string KEY which is identical on both sides of the system. In the mode shown in this 
figure, however, it is not the bit strings d and e which are fed back and, via a register REG, combined in 
accordance with a one-way function with the key string KEY, but (on both sides of the system) the 
encrypted bit stream b. 

In the above, the drawbacks of the known modes have already been considered, i.e. the self-correcting 
35 nature, as result of which possible manipulations in the encrypted bit stream b cannot necessarily be 
detected. 

In Figure 5, the plain text input bit stream is added modulo 2 to an encryption bit stream which is 
generated by feeding said bit stream to a 16-bit shift register. The content of said shift register is added 
modulo 2, in four strings of 4 bits to four strings of 4 bits into which a 1 6-bit key register is subdivided, 

40 resulting in four 4-bit strings, S-BOX 1... S-BOX 4. Each of those strings is subjected to an "S(election)- 
BOX" operation (see subroutine S-BOX, program line 54), resulting, in each case, in one bit value per 
string. These four bits are again combined into one string, S-BOX 5 which is likewise subjected to an S- 
BOX operation, resulting in one encryption bit. This is then added modulo 2 to the first plain text bit to 
appear, resulting in the cipher text; moreover, (the value of) the output bit is passed back to the input of the 

45 16-bit shift register. 

In Figure 6, the cipher text (received from the encryption module) is added modulo 2 to a decryption bit 
which is generated in precisely the same manner as the encryption bit in the encryption module from 
Figure 5. The result is - at least if the cipher text has not been perturbed en route - a replica of the original 
plain text. The effect of perturbations en route, in the transmission medium, has already been discussed in 
so the above and hereinafter is additionally illustrated in another form. 

The operation of the encryption device from Figure 7 is by and large the same as that from Figure 5, 
the difference being that it is not, each time, the value of the last encryption bit which is passed back to the 
input of the 16-bit register, but the value of the last encrypted bit, in other words the last cipher text bit. To 
simulate this mode, use can be made of the same program from Table 5, the parameter "MODE" (see line 
55 13) being set to "2" (see also line 24). 

The operation of the decryption device from Figure 8 again corresponds to that of the encryption device 
from Figure 7, provided that in each case the last-received cipher text bit is fed to the input of the 16-bit 
shift register. As a result of the cipher text bit stream also being added modulo 2 to the decryption bit 
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stream produced via the shift register, the key. register and the five S-BOXES, a replica of the original plain 
text bit stream is produced once more. The effect of perturbations en route, in the transmission medium, 
has already been discussed in the above and hereinafter is additionally illustrated in another form. 

The encryption device from Figure 9 and the decryption device from Figure 10 form the simplest 

5 embodiment of a cryptographic device in accordance with the 0(utput)C(ipher)FB mode presented by the 
present invention. In this mode, both the encryption bits, coming from the output of S-BOX 5 and the 
encrypted bits (the cipher text bits) are -passed back to the input of the shift register, according to a function 
which in the simplest form consists of mixing the two bits by modulo-2 addition. Other than that the 
operation of the two devices is the same as that of the preceding devices. The effect of perturbations en 

70 route, in the transmission medium, has already been discussed in the above and hereinafter is additionally 
illustrated in another form. 

The encryption device from Figure 11 and the decryption device from Figure 12 are a variation of the 
devices from the Figures 9 and 10; these provide slightly stronger cryptographic protection than the devices 
from the Figures 9 and 10, owing to the encryption bit stream from S-BOX 5 first being delayed, via a 4-bit 

75 shift register, before being added modulo 2 to the encrypted bits. In the simulation programs from Table 5 
and Table 6, said delay is carried out in line 25. 

The cryptographic devices from the Figures 13 and 14 form an embodiment, which incidentally 
corresponds to the devices from the Figures 11 and 12, of a cryptographic device in accordance with the 
O(uptut) P(lain) FB mode presented by the present invention. In this mode, both the encryption bits, coming 

20 from the output of S-BOX 5 and the (original or decrypted, respectively) plain text bits are passed back to 
the input of the shift register, in accordance with a function which in the simplest form consists of the 
mixing of the two bits by modulo-2 addition, but which, as in these figures, is preferably additionally 
preprocessed by, for example, a shift register. Other than that, the operation of the two devices is the same 
as that of the preceding devices. 

25 To enhance the cryptographic strength, in the preceding examples, in the devices from the Figures 11, 

12, 13 and 14, the encryption bit stream from S-BOX 5 was first delayed before mixing, via modulo-2 
addition, with the bit stream fed back to the shift register; it is equally possible, instead thereof or in addition 
thereto, for the other bit stream to be passed back to the shift register via modulo-2 addition (in the OCFB 
mode this is the encrypted bit stream; in the OPFB mode the plain text or the decrypted bit stream, 

30 respectively) first being delayed. Instead of the bit streams to be fed back being delayed, they can also first 
be encrypted (internally). To this end it is possible, in the specific embodiments from the Figures 11-14, for 
the 4-bit shift register to be replaced by a sixth S-BOX, whose operation is identical to S-BOX 1-5 and 
carries out a simple cryptographic one-way operation on the bit stream to be fed back. Preferably, however, 
an (internal) encryption module is employed for this purpose, which causes the bit stream to be passed 

35 back to be encrypted in accordance with the known OFB or CFB mode or in accordance with a form (for 
example the simplest form, see Figure 9) of the OCFB or OPFB mode presented in the present application. 

The effect of perturbations en route, in the transmission medium, have is already been discussed in the 
above and is also illustrated hereinafter in another form. 

Hereinafter, the effect of perturbations en route, in the transmission medium between the encryption 

40 device and the decryption device, is again illustrated for the various modes, but by means of a piece of 
(ASCII) text. The characters of this text have been converted, via their ASCII values, into a bit stream which 
is then encrypted and decrypted again. The decrypted bit stream is again converted into ASCII characters. 
Table 7 illustrates all this for encryption and decryption in the OFB mode, the original' plain text (in 
characters) and the decrypted text being shown in the case that no perturbation takes place en route, in the 

45 case that en route a "bit flip" occurs of one of the encrypted bits, and in the case that en route a "bit 
deletion" first takes place, followed by, some hundred bits later, a "bit insertion". Table 8 illustrates the 
same cases for the CFB mode, Table 9 for the OCFB mode, and Table 10 for the OPFB mode. These 
illustrations clearly show that in the known modes automatic restoration of the transmitted text takes place, 
whereas if the modes according to the invention are employed, any type of perturbation of the encrypted bit 

so stream leads to permanent perturbation of the re-encrypted text. 
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* * OUTPUT FEEDBACK MODE * * 
PLAIN TEXT BIT STREAM (<BITS.IN>): 

1 11 100001 11100001 11 100001 1110000111 10000 111100001 11 100001 11 10000 
ENCRYPTED BIT STREAM ( <BITS. ENC> ) : 

01 101 1011 1010101 11 110 1001010000010101 101 100101 11 1011 1001 101 10001 
DECRYPTED BIT STREAM ( <BITS. DEC> ) : 

1111000011110000111100001111000011110000111100001111000011110000 

* BIT FLIP OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

0110110111010101111001001010000010101101100101111011100110110001 
DECRYPTED BIT STREAM (< BITS . DEC >) : 

1 11 100001 11 100001 11000001 1110000111100001111000011 1100001 11 10000 

* BIT DELETION OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

011011011101010111101001010000010101101100101111011100110110001 
DECRYPTED BIT STREAM ( < BITS . DEC> ) : 

111 1000011 11 000011101101 0001000 10000011 00 100 1000001 110 100010001 

* BIT INSERTION AFTER BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

0 1101 101 110101 01 11 11 101001010000010101 101 100 101 11 101 11001 101 10001 
DECRYPTED BIT STREAM ( < BITS . DEC> ) : 

1 11 100001 11100001111111000000000000010111010110010010101100110011 



Tab. 1 - Output Feedback Mode 



* * CIPHER FEEDBACK MODE * * 
PLAIN TEXT BIT STREAM (<BITS.IN>): 

1 11 1O00O1 11100001111000011 110000111100001 11 1000011 1100001 11 10000 
ENCRYPTED BIT STREAM ( < BITS . ENC> ) : 

01 1001 11001000 1001 1010001 101000010011 1111001100011101001 11000010 
DECRYPTED BIT STREAM ( < BITS . DEC> ) : 

111100001 11 100001 11 100001 11 100001 11 100001 11 100001 11 100001 11 10000 

* BIT FLIP OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

0110011100100010011110001101000010011111100110001110100111000010 
DECRYPTED BIT STREAM ( < B ITS . DEC> ) : 

1 11 100001 11100001 11001001 11001001 10100001111000011 110000111 10000 

* BIT DELETION OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

01 10011 100100010011 10001 10100001001 11 11100110001 1101001 11000010 
DECRYPTED BIT STREAM ( < BITS. DEC> ) : 

1 11 100001 11 10000 U 101101 11 100011 10100001 11100001111000011110000 

* BIT INSERTION AFTER BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

0110011100100010011001000110100001001 1111100110001110100111000010 
DECRYPTED BIT STREAM ( <BITS. DEC> ) : 

1111000011 1100001111110101101000011010000111100001111000011110000 



Tab. 2 - Cipher Feedback Mode 
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* * OUTPUT/CIPHER FEEDBACK MODE * * 
PLAIN TEXT BIT STREAM (<BITS.IN>): 

n nooooi i ii oooo li liooooii 110000111 100001 moooou nooooi moooo 

ENCRYPTED BIT STREAM ( <BITS . ENC> ) : 

1101 101 11O01 11 11 1101 11 10 11 101 11001 1000100001 1101 11001 1010011 1010 
DECRYPTED BIT STREAM ( <BITS . DEC> ) : 

il 110000 11 1100001 11100001 11 100001 11 100001 11 100001 11100001 1110000 

* BIT FLIP OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

11 01 1011 10011 111 11001 110 11101110011000 100001 1101 1100 110 10011 1010 
DECRYPTED BIT STREAM (<BITS. DEC> ) : 

1111000011110000111000001101000010000110110011011101100110100110 

* BIT DELETION OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

1101 10111001111111011101110111001100010000111011100110100111010 
DECRYPTED BIT STREAM ( <BITS . DEC> ) : 

11 1100001111000011110011 110010110101000000100101010011 110100010 

* BIT INSERTION AFTER BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

1101 10111001111 111011111011101110011000100001110111001 10100111010 
DECRYPTED BIT STREAM ( < BITS . DEC> ) : 

111 100001 11100001 11 10001 10101101 10001 01 01 100 10 100 11 111 10100011000 



Tab, 3 - Output/Cipher Feedback Mode (2) 



* * OUTPUT/ PLAIN FEEDBACK MODE * * 
PLAIN TEXT BIT STREAM (<BITS.IN>): 

11 1100001 11 100001 11 100001 11 100001 11 100001 11 100001 111000011 110000 
ENCRYPTED BIT STREAM ( <BITS . ENC> ) : 

1100111101101010000101000101100100100111010110011000001010100000 
DECRYPTED BIT STREAM ( <BITS . DEC> ) : 

111100001 11 100001 11 1000011 1100001 11 10000111 100001 11 100001 11 10000 

* BIT FLIP OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

11001 11 101 10 1010000001000101 100100 100 11 10 101 100 11000001010100000 
DECRYPTED BIT STREAM ( < BITS . DEC> ) : 

111100001 11100001 110000O101 101 1000001 110011100001 110010000110000 

* BIT DELETION OF BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

11001 11 10 110 10100000 10001 01 1001001001 11010 1100 11000001010100000 
DECRYPTED BIT STREAM ( <BITS. DEC> ) : 

11 11000011 11000011 10 1000011 1001101 11000010 1000 10 11 111101101 1101 

* BIT INSERTION AFTER BIT NUMBER 20 RESULTS INTO: 
ENCRYPTED BIT STREAM (<BIT.ENC>): 

11 001 11 10 11010100001 10 100010 11001001001 110 101 100 1 100000 1010100000 
DECRYPTED BIT STREAM ( <BITS . DEC> ) : 

111 100001 11100001 11 11010100001001 110100001 100010 111 10 111001 1001 11 



Tab. 4 - Output/Plain Feedback 
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10 REM SAVK-ESCRYPT.DKV.A 

11 REM * * * BIT STREAM EBCRYPT10H * * * 

12 R-16:PLAlHTrr»8:KrnXT-9:CIPHERTXT-lO 

13 OPEN "MODE* FOR INPUT AS# 1 : INPUT 11 .MODE: CLOSE 

14 INISTR$--UOi 10001001 110000100011 110 10101000011 U00O1 110101 

1 5 KEY STRS- LIFTS ( IHISTKS , R) : RXCSTR$ -RIGHTS ( IH1STRS , R) 

16 F$(1)»"BITS.IN" 

17 FS(2)="BITS.ENC" 

18 F$(3>»"LOC.0UT" 

19 OPEN FS(1) FOR INPUT AS#1 

20 OPEN FS(2) FOR OUTPUT AS#2 

21 OPEN F$<3) FOR APPEND AS#3 

22 PRINT#3, "ENCRYPTED BIT STREAM (<BITS .ENO) : " 

23 IF MODE" L THEN BIT$<4) -BITS (CIPHERTXT) :COTO 31 

24 IF MODE-2 THEN BIT$<4) -BITS(KEYTXT) :COTO 31 „„„„ , 4 

25 IF MODE>2 THEN DELREC$-LEFT$(BITS(EETrXT) + DELREC$, 4, :BITS(5) -RIGHTS < DELRECS , 1 > 

26 IF M0DE=3 COTO 2B 
2 7 IF H0DE«4 GOTO 30 

28 IF BITS (5 )=BIT$ (CIPHERTXT) THEN BITS (4)="0": ELSE BIT$(«)-"1" 

2 9 GOTO 3 1 

30 IF BIT$(5)=BIT$(PLAINTXT) THEH BITS ( 4) --0" :ELSE BIT$(4>»"1* 

3 1 R£CSTRS-RICHTS(REGSTR$+BITS(4) ,R) 

32 FOR N-l TO R/4 

33 RECSTR$(N)=KID$(RECSTR$,4»(N-1>+1»4) 

34 NEXT N 

35 FOR N-L TO R/4 

36 KZYSTR$(N)=MID$(KEYSTR$,4*(N-1)+1,4) 

3 7 NEXT N 

38 FOR N-l TO R/4 

f 0 i° R «D S (^CSm(H,.M, 1 .^ID S ( 1 ^STR S (H,.H.l, THEH WXSTK(m.«»TM(N*-0-.nSE BOXSTRS.Ii)- 

BOXSTRSfNJ+M" 

4 1 NEXT M 

42 NOT N 

43 FOR N-l TO R/4 

44 BOXINPS-BOXSTR$(N):GOSlffi 54 : BOXSTRS-BOXSTRS+BOXOUTPS 

45 NEXT N 

66 BOX1NPS-BOXSTRS:GOSUB 54 :BITS (KEYTXT) -BOXOUTPS 

Vs ^V^^mV^'*™ .m,ci««m,-...«« .mcciimm,-i.. *** «.»< 

BITS(PIAINTXT) AND BITS (KEYTXT) , RESULTING IHTO BITS(CIPHERTXT) 
49 PRINTf2,BlTS<ClPHERTXT) ; 

52 FOR N-l TO R/4:BOXSTR$(N)- B " :KEXT N:BOXSTRS-** 

53 IF NOT EOFdi GOTO 23r ELSE PRIHT# 3 CLOSE: SYSTEM 

54 REM SUBROUTINE S-BOX 

55 IF BOX1NPS-"0000* THEH BOXOUTPS- "0" 

56 IF BOXINP$«"0001" THEH BOXOUTP$-*0" 

57 IF BOXINPS-*0010" THEH BOXOUTP5-"l" 

58 IF BOXIHFS-"0011" THEH BOXOUTPS-"!" 

59 IF BOXINPS-"0100" THEN BOXOUTPS- "0" 

60 IF BOXIHP$-"0101" THEH BOXOUTPS-" 1" 

61 IF BOXINPS*"0110" THEN BOXOUTPS-" 1" 

62 IF BOXINP$*"0111" THEH BOXOUTP$*"0- 

63 IF BOXINP$«M000" THEH B0X0UTP$<="0" 

64 IF BOX1NPS-"1001" THEH BOXOUTPS*" 1" 

65 IF BOXINPS-M010- THEH BOXOUTPS- 

66 IF BOXIHPS-MOIT THEH BOXDUTP$■ ,, 1" 

67 IF BOXINPS-M100* THEH BOXOUTPS-" 0" 
66 IF BOX1NPS-M101* THEH BOXOUTPS-'O* 

69 IF B0XINPS-M110" THEH BOXOUTPS-" 1* 

70 IF BOXINPS-Mlll* THEH BOXOUTPS-" 1" 

71 RETURN 
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10 REM SAVE-DECRYPT.DEV.A 

11 REM * * * BIT STREAM DECRYPT! 08 * * * 

12 R- 16 :CIPHJ3nTr-8:KETTXT-9: DECIPHERTXT- 10 

13 OPEH "MODE" FOR INPUT AS# 1 : INPUT # 1 « MODE ; CLOSE 

14 INISTRS-- 1101 100010011 100001000 11 1101010100001 1110001 110101" 

15 K£YSTR$*LEFT$ ( INISTRS , R) : REGSTRS*RICHT$ ( IHISTR$ , R) 

16 F$(1)--BITS.ENC* 

17 E$(2)--BITS.DEC* 

18 F$(3)«-LOC.OUT* 

19 OPEN FS(1) FOR INPUT AS#1 

20 OPEN FS<2) FOR OUTPUT ASI2 

21 OPEN F$(3) FOR APPEND AS#3 

22 PRINT#3 , "DECRYPTED BIT STREAM (<BITS.DEO) : " 

23 IF HODE-1 THEN BITS< 4) -BITS (CIPHERTXT) :GOTO 31 

24 IF MODE-2 THEN BIT$<4) -BIT$(KEYTXT) :COT0 31 

25 IF M0DE>2 THEN DELRECS-LEIT$(BIT$(KEYTXT) *DELREC$,4) : BITS (5) -RIGHTS (DELRICS, 1) 

26 IF MODE-3 GOTO 28 
2 7 IF HODE-4 GOTO 30 

28 IF BIT$(5)«BIT$(CIPHERTXT) THEN BIT$(4>-"0":ELSE BIT$(4)-M" 

29 GOTO 31 

30 IF BIT$(5)«BIT$( DECIPHERTXT) THEN B1T$(4)»"0":ELSE BIT$(4)--1* 

31 RECSTR$»RICHT$(RECSTR$+BIT$(4) ( R) 

32 FOR N«l TO R/4 

33 RECSTR$(N)=HID$(RECSTRS,4*(N-1>*1,4) 

34 NEXT N 

35 FOR N-l TO R/4 

36 KEYSTRS(N)^rtD$(KEYSTRS,4*(N-l) + l,4) 

37 NEXT N 

38 FOR N-l TO R/4 

39 FOR M-l TO R/4 

40 IF MIDS(R£CSTRS{N),M,1)-MID$(KZYSTR${N),M 1 1) THEN BOXSTR$(N) -BOXSTRS(N) +"0" :ELSE BOXSTRS(H) — 
B0XSTRS(N)+"1" 

41 NOT M 

42 NEXT N 

43 FOR N-l TO R/4 

44 BOXINP$=BOXSTR$(N) :COSUB 54:BOXSTR$=BOXSTR$+BOXOUTP$ 

45 NEXT N 

46 BOXINPS»BOXSTR$:COSUB 54 :BIT$ (KXYTXT) «BOXOUTP$ 

4 7 BITS (CIPHERTXT) -INPUTS < 1 . 1 1) : P-P+ 1 

48 IF BITS (CIPHERTXT) -BITS (XEYTXT) THEN BIT$< DECIPHERTXT >-*0« :ELSE BIT$(DECIPHERTXT) 1" : REM 
COMBINE BITS (CIPHERTXT) AND BIT$ (KEYTXT) , RESULTING INTO BITS (DECIPHERTXT) 

49 PRINT#2 f BITS ( DECIPHERTXT) ; 

50 PRINT* 3 , BITS (DECIPHERTXT) i 

51 PRINT USING ~ttt IHPUT & - BOX CONT. fc & & & I - OUTPUT LAST BOX & - OUTPUT ; P;BIT$(CIF- 
HERTXT) ;B0XSTR5( 1) ;B0XSTR${2) ;B0XSTR$<3) ;B0XSTR$(4) ;BOX£TR$;SIT$(KXTTXT) ; BITS (DECIPHERTXT) 

52 FOR N-l TO R/4:B0XSTR$(N>*":NEXT N:BOXSTR$*-- 

53 IF NOT EOF(l) GOTO 23: ELSE PRIHTI 3 » " • : CLOSE : SYSTEM 

54 REM SUBROUTINE S-BOX 

55 IF BOXINPS-'OOOO" THEN BOX0UTP$-"0" 

56 IF BOXINPS^OOOl" THEN BOX0UTP$«"0'' 

57 IF BOXINPS--0010- THEN B0X0UTPS-- 1 " 

58 IF BOXINPS-'OOH- THEN BOX0UTPS-" 1" 
THEN BOX0UTP$--0" 
THEH BOXOUTPS-M" 
THEN BOX0UTP$-'l- 
THEH BOXOUTP$-"0- 
THEH BOXOUTP$-"0- 
THEH BOX0UTPS-" I" 
THEH BOX0UTP$«"0" 
THEH BOXOUTP$«"1" 
THEH BOXOUTPS-'O" 
THEH BOXOUTPS»*0" 
THEH BOXOUTPS-"! - 
THEH BOX0UTPS-" 1" 



59 IF BOXIHPS-*0100 

60 IF BOXINPS--0101 

61 IF BOXINPS-"0110 

62 IF B0XINP$-"0111 

63 IF BOXINP$«"1000 
6 4 IF BOXINP$-"1001 

65 IF BOXINPS.'MOIO 

66 IF BOXIHP$-*i011 

67 IF BOXINPS-MIOO 1 

68 IF BOXINPS-M101 

69 IF BOX1NPS--1110 

70 IF BOXINPS-Mlll 

71 RETURH 
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* * OUTPUT FEEDBACK MODE * * 

* PLAIN TEXT: _ . ... a 

The invention provides for two new cryptographic modi in which a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* DECRYPTION OF AN ERROR FREE CIPHER TEXT RESULTS INTO: 

The invention provides for two new cryptographic modi in which a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* BIT FLIP OF BIT NUMBER 450 RESULTS INTO: 

The invention provides for two new cryptographic modi in'which a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* BIT DELETION OF BIT NUMBER 450 AND BIT INSERTION AFTER BIT NUMBER 

550 RESULTS INTO: rtM * M n 
The invention provides for two new cryptographic modi inNoMn- 
J<al |L85Kturbance of the encrypted token stream always will 
result into a permanent disturbance of the output stream of the 
decipher device. 
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* * CIPHER FEEDBACK MODE * * 



* PLAIN TEXT 



The invention provides for two new cryptographic modi in which a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* DECRYPTION OF AN ERROR FREE CIPHER TEXT RESULTS INTO: ' 

The invention provides for two new cryptographic modi in wnicn a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* BIT FLIP OF BIT NUMBER 450 RESULTS INTO: 

The invention provides for two new cryptographic modi inE hicn a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* BIT DELETION OF BIT NUMBER 450 AND BIT INSERTION AFTER BIT NUMBER 

5 50 RESULTS INTO: ^ 
The invention provides for two new cryptographic modi inUN- 
1L_L11. r-^lLoVdrbance of the encrypted token stream always will 
result into a permanent disturbance of the output stream of the 
decipher device. 



Tab. 8 - Cipher Feedback Mode - A characters example 
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* * OUTPUT/CIPHER FEEDBACK MODE * * 

* PLAIN TEXT: 

The invention provides for two new cryptographic modi in which a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* DECRYPTION OF AN ERROR FREE CIPHER TEXT RESULTS INTO: 

The invention provides for two new cryptographic modi in which a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* BIT FLIP OF BIT NUMBER 450 RESULTS INTO: 

The invention provides for two new cryptographic modi 
insoi: tEw^-an-) »4n+a6=] e ! u t ^-tCcw2e£x'C^f ]r , 7o2ti s "iH-duQ 1 3 4«Na*±-c 
,n F € )V J 08A<9X] | L BuJ B L ±C-£ ( )8*n 9rd^ 6i:%7ai8fc4u *ue±ug • Yrqu "k£G» 
>-CA/nu J | n Z0 |R_6A 

* BIT DELETION OF BIT NUMBER 450 AND BIT INSERTION AFTER BIT NUMBER 
5 50 ■ RESULTS INTO: 

The invention provides for two new cryptographic modi 
ins ' ttn • \ peA | 6 1 g?=*o-&66Y^3o/^Co+«ge£: £3oS#A T zQaiOd || r^O* 1 " >t\&d 
Bv'Caiay-^ j6l(r/6Nafin6Tr^ne i A§fi8l-t- n U'v' \fi? icKv±F*} \ >Wtu ! fl Y»ZLT2 
-a.+eY[±yo#sdn , || n 
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* * OUTPUT / P LA I N FEEDBACK MODE * * 

* PLAIN TEXT: 

The invention provides for two new cryptographic modi in which a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

* DECRYPTION OF AN ERROR FREE CIPHER TEXT RESULTS INTO: 

The invention provides for two new cryptographic modi in which a 
disturbance of the encrypted token stream always will result 
into a permanent disturbance of the output stream of the decip- 
her device. 

★BIT FLIP OF BIT NUMBER 450 RESULTS INTO: 

The invention provides for two new cryptographic modi 
in]TT|Ep-*' «STf;mt ||>l|ee4>»Cft6aiQjuCzcJ <§9/^r^ | | l zTo f ■ +t i f ) I^A^EJPU 
uf£Oqm[o\ejWTf/<. * W/gJ P ■ lE_+f 6<Y n ii 1 -6 • • i i-i^ Xzd&z ±m »O lL ua» ?pJ H e 
| n jN£tflB fJ^RSExaft 

* BIT DELETION OF BIT NUMBER 450 AND BIT INSERTION AFTER BIT NUMBER 
550 RESULTS INTO: 

The invention provides for two new cryptographic modi inNa- 
4> ' 5o6^|B I b f^PTr-tl.MrJ-e^llwl-sJ 6 f *xfl( ) ISS-iUTAiryPt- 1 -! - obs|}=f~K- 

H$A B ] ± ^ = } a LrQ"? 7*3e sFa <$> [ An 9 1| /$ j-w|pij 4b4Vs0AxJ | fcH - IHI *f *M#0- 
j|e3QSuI rrr c U ||uX.C 



Tab. 10 - Output/Plain Feedback Mode - A characters example 



55 Claims 



Cryptographic system, comprising an encryption device on one side of a transmission system, for 
encrypting a first character stream (a) into a second character stream (b), and a decryption device on 
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another side of the transmission system, for decrypting the second character stream (b), presented via 
the transmission system, into a third character stream (c) which under normal conditions is a replica of 
the first character stream (a), the first character stream (a) being mixed in the encryption device with a 
fourth character stream (d) generated in said encryption device, and the product of mixing resulting 
therefrom being presented as the second character stream (b) to the transmission system, and the 
second character stream (b) supplied via the transmission system being mixed in the decryption device 
with a fifth character stream (e) generated in said decryption device and the product of mixing resulting 
therefrom being picked up from the device as the third character stream (c), the fourth character stream 
(d) in the encryption device being a function of an internal character string, referred to as key string 
(KEY), and, by feedback, said fourth character stream (d), and the fifth character stream (e) in the 
decryption device being a function of a key string (KEY), identical to the one in the encryption device, 
and, by feedback, said fifth character stream (e), characterized in that in the encryption device the 
fourth character stream (d) is, moreover, by feedback, a function (f) of the second character stream (b) 
and in the decryption device the fifth character stream (e) is, moreover, by feedback, a function (f) of, 
likewise, the second character stream (b). 

Cryptographic system, comprising an encryption device on one side of a transmission system, for 
encrypting a first character stream (a) into a second character stream (b), and a decryption device on 
another side of the transmission system, for decrypting the second character stream (b), presented via 
the transmission system, into a third character stream (c) which under normal conditions is a replica of 
the first character stream (a), the first character stream (a) being mixed in the encryption device with a 
fourth character stream (d) generated in said encryption device, and the product of mixing resulting 
therefrom being presented as the second character stream (b) to the transmission system, and the 
second character stream (b) supplied via the transmission system being mixed in the decryption device 
with a fifth character stream (e) generated in said decryption device and the product of mixing resulting 
therefrom being picked up from the device as the third character stream (c), the fourth character stream 
(d) in the encryption device being a function of an internal character string, referred to as key string 
(KEY), and, by feedback, said fourth character stream (d), and the fifth character stream (e) in the 
decryption device being a function of a key string (KEY), identical to the one in the encryption device, 
and, by feedback, said fifth character stream (e), characterized in that in the encryption device the 
fourth character stream (d) is, moreover, by feedback, a function (f) of the first character stream (a) and 
in the decryption device the fifth character stream (e) is, moreover, by feedback, a function of the third 
character stream (c). 

Cryptographic system according to Claim 1 or 2, characterized in that said feedback of, in the 
encryption device, the second and the fourth character stream (b and d) or the first and the fourth 
character stream (a and d) and, in the decryption device, of the second and the fifth character stream 
(b and e) or the third and the fifth character stream (c and e) is effected involving a delay of at least 
one of said fed-back character streams (a, b, c, d or e) by means of a delay module, both in the 
encryption device and in the decryption device. 

Cryptographic system according to Claim 1 or 2, characterized in that said feedback of, in the 
encryption device, the second and the fourth character stream (b and d) or the first and the fourth 
character stream (a and d) and, in the decryption device, of the second and the fifth character stream 
(b and e) or the third and the fifth character stream (c and e) is effected involving an internal encryption 
of at least one of said fed-back character streams (a, b, c, d or e) by means of an internal encryption 
module, both in the encryption device and in the decryption device. 

Cryptographic device for encrypting or decrypting a first character stream (a or b, respectively) 
supplied to said device into a second character stream (b or c, respectively), said first character stream 
being mixed with a third character stream (d or e, respectively) which is generated in said device and is 
a function of an internal character string, referred to as key string (KEY), and, by feedback, said third 
character stream (d or e, respectively), characterized in that the third character stream (d or e, 
respectively) is, moreover, by feedback, a function of the first character stream (a or b, respectively). 

Cryptographic device for encrypting or decrypting a first character stream (a or b, respectively) 
supplied to said device into a second character stream (b or c, respectively), said first character stream 
being mixed with a third character stream (d or e, respectively) which is generated in said device and is 
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a function of an internal character string, referred to as key string (KEY), and, by feedback, said third 
character stream (d or e, respectively), characterized in that the third character stream (d or e, 
respectively) is, moreover, by feedback, a function of the second character stream (b or c, respec- 
tively). 

Cryptographic device according to Claim 3 or 4, characterized in that said feedback of the third 
character stream (d or e, respectively) and that of the first character stream (a or b, respectively) or 
second character stream (b or c, respectively) is effected involving a delay of at least one of said fed- 
back character streams (a, b, c, d or e) by means of a delay module. 

Cryptographic device according to Claim 3 or 4, characterized in that said feedback of the third 
character stream (d or e, respectively) and that of the first character stream (a or b, respectively) or 
second character stream (b or c, respectively) is effected involving an encryption of at least one of said 
fed-back character streams (a, b, c, d or e) by means of an encryption module. 
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